Modifying a Kerberos User Mapping

This section describes how to modify the mapping mode, source user, target user, priority of a user mapping. The new user mapping can be used to access shares.

Procedure

Choose Resources > Access > Authentication User > User Mappings > Kerberos to UNIX.
Select a desired account from the Account drop-down list in the upper left corner.
Click More on the right of a desired user mapping and select Modify.
The Modify User Mapping page is displayed on the right.

Set basic user mapping parameters.

Table 1 describes related parameters.

**Table 1** Basic user mapping parameters
Parameter	Description
Mapping Mode	Kerberos to UNIX: When accessing UNIX shares using Kerberos authentication through a client, a Kerberos user has all the permission granted to the target user.
Source User	Source user in a mapping. The source user must be an uppercase client host name. If KDC Vendor is set to Windows, add $ as the suffix. Example, HOSTNAME$. If KDC Vendor is set to Non-Windows, add the domain name as the suffix. Example, HOSTNAME.example.com, where HOSTNAME is the uppercase client host name. Wildcard () is supported. For example, indicates all client hosts, and CLIENT* indicates hosts whose names start with CLIENT.
Target User	Target user in a mapping. The target user can be: A local UNIX user on the storage system: Map the permissions of the source users to the local UNIX user on the storage system. If there is no local UNIX user, create one. An LDAP or NIS domain user: Map the permissions of the source users to the LDAP or NIS domain user. Set this parameter based on the permission requirements of the target user.
Priority	Priority of a mapping. A smaller value indicates a higher priority. When multiple mappings share the same source user, the system uses the mapping with the highest priority. [Value range] 1~32

Click OK.

Parent topic: Managing Kerberos User Mappings